Best Dalfox Alternatives & Competitors in 2026

RoboShadow OWASP ZAP Vulnerability Scanner

Web app & network vulnerability scanner integrating OWASP ZAP, Shodan & Nmap

RoboShadow Mobile Network Scanner

Android app for scanning networks to identify security vulnerabilities

CyberChecker

Automated web vulnerability scanner with 60+ security checks

Guardian360 Quickscan WP Plugin

WordPress plugin for website security scanning via the Guardian360 API.

KICS

KICS is an open-source Infrastructure as Code security scanner that detects vulnerabilities and misconfigurations through customizable queries and integrates with CI/CD pipelines.

ssh-audit by jtesta

ssh-audit is a Python-based tool for auditing SSH server and client configurations to identify security weaknesses and ensure compliance with best practices.

ASH - The Automated Security Helper

ASH is an automated security scanning tool that integrates multiple open-source security scanners to perform preliminary security checks on code, infrastructure, and IAM configurations during development.

XSStrike

A powerful tool for identifying and exploiting Cross-Site Scripting (XSS) vulnerabilities.

extended-xss-search

A better version of my xssfinder tool that scans for different types of XSS on a list of URLs.

XSSCon

A simple XSS scanner tool for identifying Cross-Site Scripting vulnerabilities

XSSwagger

A specialized scanner that detects XSS vulnerabilities in older versions of Swagger-ui implementations.

Sucuri Website Malware Scanner

Website malware scanner with remote & server-side scanning capabilities

Intruder XSS Scanner

XSS vulnerability scanner for web apps and APIs with automated scanning

DNSAudit.io

Free DNS security scanner that checks domains for misconfigs and exposure.

Perisai Web Scanner

Automated web scanner detecting vulnerabilities and HTTP security headers

OpenDoor

Open-source CLI platform for web recon, dir discovery & subdomain enum.

Email Security Test by ImmuniWeb

A free online tool that tests email server security by evaluating server configurations

Website Privacy Test

Website privacy and security testing tool for cookie and third-party analysis

ImmuniWeb SSL Test

AI-powered platform for SSL/TLS security testing and compliance assessment

S3Scanner

S3Scanner is an open-source tool that scans S3 buckets across S3-compatible APIs to identify misconfigurations and security vulnerabilities.

check-my-headers

A Node.js tool that analyzes HTTP security headers on websites to identify missing or problematic security configurations.

tfsec to Trivy Migration

tfsec is being replaced by Trivy, a more comprehensive open-source security solution

Recog

A recognition framework for identifying products, services, operating systems, and hardware by matching fingerprints against network probes.

CloudFrunt

CloudFrunt identifies misconfigured Amazon CloudFront domains that are vulnerable to hijacking due to improper CNAME configuration.

Acunetix Web Vulnerability Scanner

A tool that automatically audits website security by crawling an entire website and identifying vulnerabilities

XSSer

Automatic tool for pentesting XSS attacks against different applications

CorsMe

CorsMe is a specialized scanner that identifies Cross-Origin Resource Sharing (CORS) misconfigurations in web applications and provides remediation recommendations.

SSRFire

Automated SSRF finder with options for XSS and open redirects

XSpear

A powerful XSS scanning and parameter analysis tool

xssmap

A Python-based tool for detecting XSS vulnerabilities

WPSpider

A centralized dashboard for running and scheduling WordPress scans powered by wpscan utility.

OWASP Joomla Vulnerability Scanner

A free and open-source tool for identifying vulnerabilities in Joomla-based websites.

second-order

Second-order subdomain takeover scanner

Jsmon 2.0

JavaScript security scanner for detecting vulnerabilities in third-party scripts

Aikido EOL Scanner

Detects end-of-life and outdated software in code and containers

CyCognito Active Security Testing

Automated active security testing platform for external attack surfaces

CHEQ Form Guard

Protects web forms from bots and fake users to prevent junk leads

Verisys Antivirus API

REST API service for scanning files/URLs for malware, viruses & NSFW content.

LinksDumper

LinksDumper extracts links and endpoints from HTTP responses to support web application security testing and reconnaissance activities.

Bitdefender Link Checker

Free URL scanner that checks links for malware, phishing, and fraud threats

Cloudmersive Virus Scan

Cloud-based virus scan APIs for securing files, URLs, and content uploads with advanced anti-virus and malware scanning capabilities.

NMAP

Nmap is an essential network scanning tool used for network security auditing and status monitoring.

Dnscan

Dnscan is a DNS reconnaissance tool that performs DNS scans, DNS cache snooping, and DNS amplification attack detection.

Pagodo

Automate Google Hacking Database scraping and searching with Pagodo, a tool for finding vulnerabilities and sensitive information.

Spoofcheck

Simple script to check a domain's email protections and identify vulnerabilities.

Yasuo

A Ruby script that scans networks for vulnerable third-party web applications and front-ends with known exploitable security flaws.

RustScan

Fast, smart, effective port scanner with extensive extendability and adaptive learning.

Nipper-ng

A next-generation network scanner for identifying security configuration weaknesses in devices like routers, firewalls, and switches.